Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Youprivacyguard Malware Removal From External Hd


  • This topic is locked This topic is locked
3 replies to this topic

#1 captainbeans

captainbeans

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:10 AM

Posted 25 October 2007 - 06:06 AM

Hey all,

I think my external hard disk is infected with the malware that causes IE to popup www.yourprivacyguard.com from time to time. I've fixed my system using combofix but i realise whenever i plug in my external hard disk into my pc, the popup thing comes back. Does anyone have any idea how i can fix this?

captainbeans

BC AdBot (Login to Remove)

 


m

#2 captainbeans

captainbeans
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:10 AM

Posted 25 October 2007 - 11:08 AM

this is the hijackthis log

Attached Files



#3 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:10 PM

Posted 01 November 2007 - 09:53 AM

Hello and welcome to BC. :thumbsup:

Please do not attach your logs but paste it here unless specifically asked to do so.

====================================

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Click Start>Run, type in appwiz.cpl and press Enter.
  • Remove all entries of Runtime Environment (J2SE or JRE) that are listed.
  • Now reboot your computer.
  • Download the latest version of Java Runtime Environment, and install it to your computer.
======================================

Scan with HijackThis and put a checkmark against the following entries:

\Desktop\HijackThis.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Her - {C4DE5B15-4FFE-4c02-8CB3-CAD24A33562B} - C:\WINDOWS\system32\ramtmb.dll

======================================

Delete the Combofix you already have. It's updated several times a day.

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

Attach your external hard drive.
  • Close any open browsers. Disconnect from the internet.
  • Close/disable all anti virus and anti malware programs so that they do not interfere with the running of ComboFix. Remember to re-enable them when you are done.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


===============================

Please do the following to download and install the latest version of HijackThis v2.0.2:

CLICK HERE to download the HijackThis Installer:
  • Save HJTInstall.exe to your desktop.
  • Double-click on HJTInstall.exe to run the program.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Accept the license agreement by clicking the "I Accept" button.
  • Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  • Click "Save log" to save the log file and then the log will open in Notepad.
  • Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
You may delete the older version once you have successfully downloaded and installed the latest version of HijackThis v2.0.2.

Edited by amateur, 01 November 2007 - 09:53 AM.


#4 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:10 PM

Posted 08 November 2007 - 07:52 PM

Due to lack of response, this thread will now be closed. If you need this topic reopened, please PM me with the address of the thread.and we will reopen it for you. This applies only to the original topic starter. Everyone else please begin a New Topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users